WhatsApp Authentication - New version

Alert:

This article contains prerelease information. Release dates, features, and other information are subject to change without notice.

Note:

The new version of this experience includes the most commonly used features, but it does not yet match the full functionality of the classic version. Refer to the Supported Elements page for a list of currently available features and those still in development. Additional features will be added in future releases.

Add an extra layer of security by sending a one-time passcode (OTP) to the recipient’s smartphone via WhatsApp. 

WhatsApp authentication is a premium two-factor verification method that adds strong identity protection. A one-time passcode is sent to the recipient’s phone through the WhatsApp app, and they must enter this code to access the agreement.

The recipient must have an active WhatsApp account, and the phone number linked to that account must be provided to the sender to set up authentication.

Availability:

  • Acrobat Standard and Acrobat Pro: Not Supported
  • Acrobat Sign Solutions: Supported; Disabled by default
  • Acrobat Sign for Government: Not Supported

WhatsApp authentication is a premium method and incurs a per-use charge.

  • Transactions must be purchased in advance through your Adobe sales representative.
  • Transactions are managed at the account level—all groups draw from the same shared pool.
  • WhatsApp authentication shares this pool with Phone/SMS authentication methods.

Configuration scope:

Administrators can enable this feature at the account and group levels.

Access this feature by navigating the administrator's configuration menu to Send Settings > Signer Identification Options

How it's used

When WhatsApp authentication is configured, recipients receive an email message prompting them to enter a verification code to access the agreement. This message includes:

  • The last four digits of the phone number that was configured during the agreement setup so the recipient can confirm where the code will be sent.

  • The sender's name (or designated contact), in case the recipient needs help—for example, to update the phone number on file.

When ready, the recipient selects Send Code to receive the one-time passcode via WhatsApp.

WhatsApp email authentication challenge

After the recipient selects Send Code:

  • The page refreshes to display a field for entering the verification code.
  • A six-digit code is sent via WhatsApp to the phone number provided during setup.
    • The code is valid for 10 minutes. If it expires, the recipient must return to the original email and request a new code.
    • The recipient has a limited number of attempts to enter the correct code. If they exceed this limit, the agreement is automatically canceled, and the sender is notified.
Enter the verification code

When the authentication is passed, the recipient can interact with the agreement.

If the recipient closes the agreement for any reason before completing their action, they must re-authenticate to continue.

Configuring the WhatsApp authentication method when composing a new agreement

When WhatsApp authentication is enabled, the sender can select WhatsApp from the Multi-factor authentication drop-down in the Recipient settings section of the Compose page:

The Recipient settings section highlighting the WhatsApp authentication method and phone number

To use WhatsApp as an authentication method, the recipient must have a phone number registered with WhatsApp. That phone number must be shared with the sender to configure the authentication properly.

Notes:

WhatsApp authentication requires that the recipient has an active WhatsApp account linked to a valid phone number.

If the recipient doesn’t have a WhatsApp account or if the phone number provided is invalid, the process will stop, and an error message will appear, blocking the sending process:

Bogus phone number warning.

Consumption of premium authentication transactions

WhatsApp authentication requires that transactions be purchased and added to the account before they can be used. These transactions are consumed on a per-recipient basis.

  • Each recipient using WhatsApp authentication consumes one transaction.
    Example:
     Three transactions are used if an agreement includes three recipients using WhatsApp authentication.
  • Adding multiple recipients to an agreement reduces the account’s total available transactions by one per recipient using WhatsApp.
  • Canceling a draft agreement returns all WhatsApp authentication transactions to the account’s available balance.
  • Canceling an in-progress agreement does not return the used transactions.
  • Changing the authentication method to WhatsApp (from any other method) consumes one transaction.
  • Switching back and forth between WhatsApp and other methods for the same recipient consumes only one transaction total.
  • Changing from WhatsApp to another method does not return the transaction.
  • Each recipient uses only one transaction, regardless of how often they attempt the authentication process.

Track available volume

To monitor the volume of WhatsApp authentications available to the account:

  • Navigate to Send Settings > Signer Identification Options
  • Select the Track Usage link:
The Send Settings page highlighting the Track Usage link with the information pop-out exposed

Note:

WhatsApp authentication and Phone/SMS authentication and link delivery share the same pool of transactions. Usage of the transactions is broken down in the pop-out ballon to show the volume consumed by SMS delivery and Phone authentication transactions.

Audit Report

The Audit Report clearly identifies that WhatsApp sent a one-time passcode to a phone number for identity verification. 

  • Only the last four digits of the phone number are exposed.
The audit report highlighting the What'sApp authentication events.

If the agreement is canceled due to the recipient being unable to authenticate, the reason is explicitly stated:

Failed authentication - audit log

Best Practices and Considerations

  • If second-factor signature authentication isn't required for your internal signatures, consider the Acrobat Sign Authentication method instead of WhatApp authentication to reduce the friction of signing and save on the consumption of the premium authentication transactions.
  • The phone number tied to the authentication attempt can only be changed for in-process agreements by editing the authentication type on the sender's manage page.

Configuration

WhatsApp authentication includes two sets of controls that can be configured at both the account and group levels:

  • Send Settings – Manage sender access to WhatsApp authentication and configure related options.
  • Security Settings – Set limits on the number of attempts a recipient has to enter the correct verification code.

Enable WhatsApp authentication in Send Settings.

To allow senders to use WhatsApp authentication, enable the option in Send Settings under Signer Identification Options.

The following settings are available:

  • WhatsApp authentication – When this box is checked, WhatsApp becomes an available authentication option during agreement setup.
  • Default country code – Set a default country code for recipients in the group. This helps ensure proper phone number formatting when agreements are sent.
  • Personalize your support contact – Replace the default sender’s email with a custom contact value, such as your support team’s email address. If left blank, the sending user’s email will be used as the contact by default.
The Send Settings admin menu highlighting the WhatsApp Authentication controls.

Configure Security Settings

WhatsApp authentication requires a defined limit on failed verification attempts before canceling the agreement. The default is 10 attempts.

You can set this value on the Security Settings page. A non-zero value is required for WhatsApp authentication to function.

WhatsApp security controls

Automatic cancellation for failed WhatsApp authentication

The agreement is automatically canceled if a recipient exceeds the allowed number of WhatsApp authentication attempts.

The sender receives an email notification that includes the recipient's name who failed to authenticate. No other recipients are notified.

Email notification of the canceled agreement due to ID failure

Get help faster and easier

New user?